[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbc1gP_VCPrKpr09fyT2K7kQvDMCj1Y72PFhVWNaA7nE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":149,"fingerprints":279},"json-dashboard-infos","JSON Dashboard Infos","1.0.4","Richard Carlier","https:\u002F\u002Fprofiles.wordpress.org\u002Frichnou\u002F","\u003Cp>The basic idea is to be able to build a dashboard centralizing information from several WordPress, and thus monitor them all at once …\u003C\u002Fp>\n\u003Cp>Warning : this plugin is mostly technical…\u003C\u002Fp>\n\u003Cp>Demonstrations (in video, and in French)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=JCyXrJ3G6-of\" rel=\"nofollow ugc\">Presentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=7T44xJj3jPM\" rel=\"nofollow ugc\">Installation, configuration\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=cfV-TfHQCyw\" rel=\"nofollow ugc\">Dashboard with React\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Expose informations from your Wordpress, in JSON format, to allow you to create centralized dashboards (not included ...)",10,1046,0,"2020-09-12T07:15:00.000Z","5.5.18","4.9","5.3.29",[19,20,21,22,23],"api","dashboard","export-data","json","stats","https:\u002F\u002Fgithub.com\u002Frcarlier\u002Fjson-dashboard-infos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjson-dashboard-infos.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"richnou",1,30,84,"2026-04-05T03:22:16.795Z",[37,59,87,108,131],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mobile-app-dashboard-custom-fields-json-api","Mobile APP Dashboard  Custom Fields Json API","1.1","mainsufian","https:\u002F\u002Fprofiles.wordpress.org\u002Fmainsufian\u002F","\u003Cp>Plugin for provide Configuration page or Dashboard for your mobile APP so you can add custom fields as many as you want and get data in Jason API. you just need to install and activate the plugin and add your data in custom fields tab under settings menu after that you need to create a post with jason API type and hit on front end of your post you get jason data of your fields.\u003C\u002Fp>\n","Plugin for provide Configuration page or Dashboard for your mobile APP so you can add custom fields as many as you want and get data in Jason API.",2376,100,2,"2018-12-30T10:30:00.000Z","5.0.25","3.0.1","",[20,53,54,55,56],"json_api","mobile","mobileapp","mobile_app_dashboard","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmobile-app-dashboard-custom-fields-json-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmobile-app-dashboard-custom-fields-json-api.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":81,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":13,"last_vuln_date":85,"fetched_at":86},"google-analytics-dashboard-for-wp","ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)","9.0.3","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fexactmetrics.com?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion\" rel=\"nofollow ugc\">ExactMetrics\u003C\u002Fa> Google Analytics for WordPress plugin helps you properly setup all the powerful Google Analytics tracking features without writing any code or hiring a developer.\u003C\u002Fp>\n\u003Cp>More importantly, over 1 million users love ExactMetrics because of our signature Google Analytics Dashboard that helps you view key Google Analytics stats right inside your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Our goal at ExactMetrics is to help you grow your business faster with data-driven decisions.\u003C\u002Fp>\n\u003Cp>This is why we built the most comprehensive Google Analytics plugin for WordPress, so you can setup all the powerful tracking features that website owners otherwise miss out on when simply pasting the analytics code in WordPress.\u003C\u002Fp>\n\u003Cp>We go beyond the simple google analytics script and add the advanced event tracking, so you can see all important user behavior in WordPress with just a few clicks (without hiring a developer).\u003C\u002Fp>\n\u003Cp>ExactMetrics works automatically Google Analytics 4 (GA4) so that you can your website can be prepared for the future of Google Analytics.\u003C\u002Fp>\n\u003Cp>Basically, we made the same advanced Google analytics setup that big enterprise companies used to pay thousands of dollars for, available to every small business owner without the high costs.\u003C\u002Fp>\n\u003Cp>This is why even the large companies like Microsoft, Quickbooks, Pizza Hut, Delta, Pepsi, Coldwell Bankers, and many others are using ExactMetrics to properly setup Google Analytics and see the custom analytics reports in WordPress.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>ExactMetrics Pro\u003C\u002Fstrong>\u003Cbr \u002F>\n  This plugin is the lite version of ExactMetrics Pro plugin that comes with all the Google analytics tracking features you will ever need including events tracking, ecommerce tracking, custom dimensions tracking, form conversion tracking, affiliate link tracking, and tons more. \u003Ca href=\"https:\u002F\u002Fexactmetrics.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion\" rel=\"nofollow ugc\">click here to purchase the best premium Google Analytics plugin for WordPress Now!\u003C\u002Fa>.\u003Cbr \u002F>\n  We are on a mission to level the playing field for small businesses, so they can grow their business faster with data-driven decisions.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F4GZ-IgZssao?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>See what one business owner is saying about ExactMetrics:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This is absolutely, positively, one of the TOP plugins to install on your WP site. There is no better way to quickly gauge traffic for spikes, surges, and consistency. I installed this on over a dozen WordPress installations and counting, thank you for an outstanding app!\u003Cbr \u002F>\n  Daniel Monaghan\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Custom Google Analytics Reports\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Overview Report – See the most important Google Analytics data in an easy to understand report, right inside your WordPress dashboard (Save 5 minutes each day).\u003C\u002Fli>\n\u003Cli>Publisher Report – See exactly which content gets the most visit, which affiliate links are performing the best, what new partnership opportunities you should pursue, and more.\u003C\u002Fli>\n\u003Cli>Ecommerce Report – See all your important online store metrics in one place such as total revenue, conversion rate, average order value, top products, top conversion sources, and more.\u003C\u002Fli>\n\u003Cli>Search Console Report – See how well your website is ranking in Google, so you can optimize your SEO to grow your traffic.\u003C\u002Fli>\n\u003Cli>Forms Report – See your conversion stats for various contact forms and lead forms on your website to improve conversions.\u003C\u002Fli>\n\u003Cli>Custom Dimensions Report – See useful stats like most popular authors, best publication times, popular categories, tags, Yoast focus keywords, SEO score, etc.\u003C\u002Fli>\n\u003Cli>Real Time Report – see who is online on your website in real-time, right inside your WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Customizable Google Analytics Dashboard Widget – Our dashboard widget allows you to have quick access to your most important stats at the moment you login to your WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Page Insights in Admin Bar – Easily view analytics for each individual page and post from the ExactMetrics menu in WordPress admin bar while browsing your website.\u003C\u002Fli>\n\u003Cli>Landing Page Report – Shows you which pages your visitors land, without needing to log into Google Analytics.\u003C\u002Fli>\n\u003Cli>Source and Medium Report – gives you an easy view of Google Analytics UTM tracking.\u003C\u002Fli>\n\u003Cli>Technology Report – See which devices and browsers use your website the most.\u003C\u002Fli>\n\u003Cli>Campaign Report – Shows you Google Analytics UTM tracking and key metrics.\u003C\u002Fli>\n\u003Cli>Pages Report – See which pages are most poplular on your website.\u003C\u002Fli>\n\u003Cli>Coupon Report – See which coupons are used most on your website.\u003C\u002Fli>\n\u003Cli>Funnel Report – See how people buy from your store.\u003C\u002Fli>\n\u003Cli>Email Summaries – Get the most important metrics delivered to you and\u002For your client’s email inboxes weekly with our brandable Email Summaries, allowing you to keep up to date on your website’s Google Analytics results even without needing to login to the Google Analytics dashboard.\u003C\u002Fli>\n\u003Cli>PDF Exports – Easily take your ExactMetrics reports with you or send them to clients or colleagues by exporting all ExactMetrics reports as a brandable PDF.\u003C\u002Fli>\n\u003Cli>Site Speed Report – helps you improve your website’s performance by displaying key metrics and actionable tips to improve those based on WordPress-specific solutions.\u003C\u002Fli>\n\u003Cli>Popular Posts – Display popular posts in your post content automatically or using Gutenberg blocks and shortcodes. Show off your top posts to your visitors using sidebar widgets, Gutenberg blocks or shortcodes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Integrations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce Google Analytics – Automatically setup Google analytics enhanced eCommerce tracking for WooCommerce and WooCommerce analytics.\u003C\u002Fli>\n\u003Cli>Easy Digital Downloads Google Analytics – Automatically setup Google analytics enhanced eCommerce tracking for EDD.\u003C\u002Fli>\n\u003Cli>MemberPress Google Analytics – Automatically setup Google analytics enhanced eCommerce tracking for MemberPress.\u003C\u002Fli>\n\u003Cli>WPForms Google Analytics – Automatically setup form conversion tracking for WPForms.\u003C\u002Fli>\n\u003Cli>Formidable Forms Google Analytics – Automatically setup form conversion tracking for Formidable Forms.\u003C\u002Fli>\n\u003Cli>Gravity Forms Google Analytics – Automatically setup form conversion tracking for Gravity Forms.\u003C\u002Fli>\n\u003Cli>YouTube Google Analytics – Automatically track video starts, stops, and watch progression of video plays of your YouTube videos.\u003C\u002Fli>\n\u003Cli>Vimeo Google Analytics – Automatically track video starts, stops, and watch progression of video plays of your Vimeo videos.\u003C\u002Fli>\n\u003Cli>HTML5 Video Google Analytics – Automatically track video starts, stops, and watch progression of video plays of your Vimeo videos.\u003C\u002Fli>\n\u003Cli>Exclude from Tracking Google Analytics – Disable loading of Google Analytics tracking on specific pages or posts.\u003C\u002Fli>\n\u003Cli>Contact Form 7 Google Analytics – Automatically setup form conversion tracking for Contact Form 7.\u003C\u002Fli>\n\u003Cli>Yoast Google Analytics – Automatically setup SEO score tracking for Yoast SEO with custom dimensions.\u003C\u002Fli>\n\u003Cli>Pretty Links Google Analytics – Automatically setup affiliate link tracking for Pretty Links.\u003C\u002Fli>\n\u003Cli>Thirsty Affiliates Google Analytics – Automatically setup affiliate link tracking for Thirsty Affiliates.\u003C\u002Fli>\n\u003Cli>AffiliateWP Google Analytics – Automatically setup affiliate link tracking for AffiliateWP.\u003C\u002Fli>\n\u003Cli>User Journey Orders – See which pages visit before becoming customers with WooCommerce, Easy Digital Downloads, MemberPress, LifterLMS, Restrict Content Pro, or GiveWP.\u003C\u002Fli>\n\u003Cli>User Feedback – Automatically track events and impressions with the popular User Feedback plugin.\u003C\u002Fli>\n\u003Cli>Google AdSense + Google Analytics – Automatically setup banner ads tracking for Google AdSense.\u003C\u002Fli>\n\u003Cli>Google Optimize + Google Analytics – Easily enable A\u002FB testing in WordPress with Google Optimize and Google Analytics.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>After reading this comprehensive feature list, you can probably imagine why over 1 million websites use ExactMetrics as their preferred Google Analytics plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Give ExactMetrics a try.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Love this plugin! It’s got powerful customization options, it’s easy to use, there’s good documentation, and if all that’s not enough, ExactMetrics is quick to provide support. Thanks for this wonderful plugin!\u003Cbr \u002F>\n  Julie Dupuis\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>This plugin is created by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fchriscct7\" title=\"Chris Christoff\" rel=\"friend nofollow ugc\">Chris Christoff\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fsyedbalkhi.com\u002F\" title=\"Syed Balkhi\" rel=\"friend nofollow ugc\">Syed Balkhi\u003C\u002Fa> with sponsorship from \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" title=\"WPBeginner\" rel=\"friend nofollow ugc\">WPBeginner\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>You can translate Google Analytics Dashboard for WP by ExactMetrics on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-analytics-dashboard-for-wp\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","Connects Google Analytics with your WordPress site. Displays stats to help you understand your users and site content on a whole new level!",300000,50654058,50,1546,"2026-03-03T15:34:00.000Z","6.9.0","5.6.0","7.2",[76,77,78,79,80],"analytics","google-analytics","google-analytics-dashboard","google-analytics-plugin","website-stats","https:\u002F\u002Fexactmetrics.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-analytics-dashboard-for-wp.9.0.3.zip",90,5,"2026-03-10 21:02:36","2026-03-15T15:16:48.613Z",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":16,"requires_php":101,"tags":102,"homepage":106,"download_link":107,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":86},"disable-json-api","Disable REST API","1.8","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>The most comprehensive plugin for controlling access to the WordPress REST API!\u003C\u002Fp>\n\u003Cp>Works as a “set it and forget it” install. Just upload and activate, and the entire REST API will be inaccessible to your general site visitors.\u003C\u002Fp>\n\u003Cp>But if you do need to grant access to some endpoints, you can do that too. Go to the Settings page and you can quickly whitelist individual endpoints (or entire branches of endpoints) in the REST API.\u003C\u002Fp>\n\u003Cp>You can even do this on a per-user-role basis, so your unauthenticated users have one set of rules while WooCommerce customers have another while Subscribers and Editors and Admins all have their own. NOTE: Out of the box, all defined user roles will still be granted full access to the REST API until you choose to manage those settings.\u003C\u002Fp>\n\u003Cp>For most versions of WordPress, this plugin will return an authentication error if a user is not allowed to access an endpoint. For legacy support, WordPress 4.4, 4.5, and 4.6 use the provided \u003Ccode>rest_enabled\u003C\u002Fcode> filter to disable the entire REST API.\u003C\u002Fp>\n","Disable the use of the REST API on your website to site users. Now with User Role support!",90000,753897,96,38,"2023-09-14T00:26:00.000Z","6.3.8","5.6",[103,19,22,104,105],"admin","rest","rest-api","http:\u002F\u002Fwww.binarytemplar.com\u002Fdisable-json-api","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-json-api.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":129,"download_link":130,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":86},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) {\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    $secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.",60000,893830,88,53,"2026-02-18T00:58:00.000Z","6.9.4","4.2","7.4.0",[125,126,127,105,128],"json-web-authentication","jwt","oauth","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":97,"num_ratings":141,"last_updated":142,"tested_up_to":121,"requires_at_least":143,"requires_php":144,"tags":145,"homepage":147,"download_link":148,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":86},"disable-wp-rest-api","Disable WP REST API","2.6.7","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>\u003Cstrong>Does one thing:\u003C\u002Fstrong> Completely disables the WordPress REST API for visitors who are not logged into WordPress. No configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> This plugin completely disables the WP REST API for visitors who are NOT logged in to WordPress. So not recommended if your site needs the WP REST API for any non-logged users.\u003C\u002Fp>\n\u003Cp>👉 The fast, simple way to prevent abuse of your site’s REST\u002FJSON API\u003Cbr \u002F>\n👉 Protects your site’s REST data from all non-logged users and bots\u003Cbr \u002F>\n👉 Uses only 4KB of code, so super lightweight, fast, and effective\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable REST\u002FJSON for visitors (not logged in)\u003C\u002Fli>\n\u003Cli>Disables REST header in HTTP response for all users\u003C\u002Fli>\n\u003Cli>Disables REST links in HTML head for all users\u003C\u002Fli>\n\u003Cli>100% plug-and-play, set-it-and-forget solution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How does it work?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin completely disables the WP REST API \u003Cem>unless\u003C\u002Fem> the user is logged into WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For logged-in users, WP REST API works normally\u003C\u002Fli>\n\u003Cli>For logged-out users, WP REST API is disabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>What happens if logged-out visitor makes a JSON\u002FREST request? They will get only a simple message:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>rest_login_required: REST API restricted to authenticated users.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This message may customized via the filter hook, \u003Ccode>disable_wp_rest_api_error\u003C\u002Fcode>. Check out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fnot-entirely-for-non-techies\u002F#post-12014965\" rel=\"ugc\">this post\u003C\u002Fa> for an example of how to do it.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way. If anything it \u003Cem>improves\u003C\u002Fem> user privacy, as it protects potentially sensitive information from being displayed\u002Faccessed via REST API.\u003C\u002Fp>\n\u003Cp>Disable WP REST API is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support development of this plugin\u003C\u002Fh3>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Disables the WP REST API for visitors not logged into WordPress.",30000,365611,36,"2026-01-29T17:42:00.000Z","4.7","5.6.20",[19,146,22,104,105],"disable","https:\u002F\u002Fperishablepress.com\u002Fdisable-wp-rest-api\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wp-rest-api.2.6.7.zip",{"attackSurface":150,"codeSignals":187,"taintFlows":243,"riskAssessment":270,"analyzedAt":278},{"hooks":151,"ajaxHandlers":183,"restRoutes":184,"shortcodes":185,"cronEvents":186,"entryPointCount":13,"unprotectedCount":13},[152,158,163,167,171,175,179],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","plugins_loaded","jsondi_load_plugin_textdomain","index.php",61,{"type":159,"name":160,"callback":161,"priority":11,"file":156,"line":162},"filter","plugin_action_links","jsondi_plugin_action_links",62,{"type":159,"name":164,"callback":165,"file":156,"line":166},"query_vars","jsondi_add_query_vars",63,{"type":159,"name":168,"callback":169,"file":156,"line":170},"init","jsondi_add_rewrite_rules",64,{"type":153,"name":172,"callback":173,"file":156,"line":174},"template_redirect","jsondi_get_my_vars",65,{"type":153,"name":176,"callback":177,"file":156,"line":178},"admin_menu","jsondi_menu",68,{"type":153,"name":180,"callback":181,"priority":11,"file":156,"line":182},"admin_enqueue_scripts","jsondi_admin_css",69,[],[],[],[],{"dangerousFunctions":188,"sqlUsage":189,"outputEscaping":196,"fileOperations":241,"externalRequests":13,"nonceChecks":32,"capabilityChecks":32,"bundledLibraries":242},[],{"prepared":190,"raw":32,"locations":191},3,[192],{"file":193,"line":194,"context":195},"includes\\tools.php",87,"$wpdb->get_results() with variable interpolation",{"escaped":32,"rawEcho":197,"locations":198},22,[199,202,203,205,206,208,209,210,212,214,216,219,221,223,225,227,229,231,233,236,238,240],{"file":200,"line":162,"context":201},"includes\\admin.php","raw output",{"file":200,"line":162,"context":201},{"file":200,"line":204,"context":201},76,{"file":200,"line":26,"context":201},{"file":200,"line":207,"context":201},86,{"file":200,"line":194,"context":201},{"file":200,"line":118,"context":201},{"file":200,"line":211,"context":201},95,{"file":200,"line":213,"context":201},112,{"file":200,"line":215,"context":201},159,{"file":217,"line":218,"context":201},"includes\\get_datas.php",178,{"file":217,"line":220,"context":201},241,{"file":217,"line":222,"context":201},280,{"file":217,"line":224,"context":201},282,{"file":217,"line":226,"context":201},347,{"file":217,"line":228,"context":201},397,{"file":217,"line":230,"context":201},404,{"file":217,"line":232,"context":201},435,{"file":234,"line":235,"context":201},"includes\\rest_api.php",71,{"file":193,"line":237,"context":201},56,{"file":193,"line":239,"context":201},154,{"file":193,"line":215,"context":201},4,[],[244,262],{"entryPoint":245,"graph":246,"unsanitizedCount":13,"severity":261},"jsondi_options_page (includes\\admin.php:14)",{"nodes":247,"edges":258},[248,253],{"id":249,"type":250,"label":251,"file":200,"line":252},"n0","source","$_POST['options']",41,{"id":254,"type":255,"label":256,"file":200,"line":252,"wp_function":257},"n1","sink","update_option() [Settings Manipulation]","update_option",[259],{"from":249,"to":254,"sanitized":260},true,"low",{"entryPoint":263,"graph":264,"unsanitizedCount":13,"severity":261},"\u003Cadmin> (includes\\admin.php:0)",{"nodes":265,"edges":268},[266,267],{"id":249,"type":250,"label":251,"file":200,"line":252},{"id":254,"type":255,"label":256,"file":200,"line":252,"wp_function":257},[269],{"from":249,"to":254,"sanitized":260},{"summary":271,"deductions":272},"The \"json-dashboard-infos\" plugin version 1.0.4 exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant positive. Furthermore, the plugin demonstrates good practices by incorporating nonce checks and capability checks, along with a high percentage of SQL queries utilizing prepared statements.  The lack of any recorded vulnerabilities in its history further reinforces this positive outlook.\n\nHowever, there are notable areas for improvement. The static analysis reveals a concerningly low percentage (4%) of properly escaped output. This indicates a potential risk for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly outputted without proper sanitization. While taint analysis found no unsanitized paths, this low output escaping rate still presents a significant concern. Additionally, the presence of file operations without further context could be a minor risk if not handled securely.  Despite the low output escaping rate and file operations, the plugin's clean vulnerability history and protected entry points suggest it is currently in a relatively secure state, though the potential for XSS should be addressed.",[273,276],{"reason":274,"points":275},"Low percentage of properly escaped output",8,{"reason":277,"points":47},"File operations present without context","2026-03-16T23:36:53.051Z",{"wat":280,"direct":286},{"assetPaths":281,"generatorPatterns":283,"scriptPaths":284,"versionParams":285},[282],"\u002Fwp-content\u002Fplugins\u002Fjson-dashboard-infos\u002Fjsondi.css",[],[],[],{"cssClasses":287,"htmlComments":291,"htmlAttributes":292,"restEndpoints":299,"jsGlobals":301,"shortcodeOutput":302},[288,289,290],"jsondi-table","jsondi-col-left","jsondi-warning",[],[293,294,295,296,297,298],"name=\"options[securitykey]\"","id=\"securitykey\"","name=\"options[transient_timeout]\"","id=\"transient_timeout\"","name=\"options[code]\"","id=\"code\"",[300],"\u002Fwp-json\u002Fjsondi-api-v1\u002F",[],[]]